
Trouble is coming - Case in point.

For those who have read a few posts I have made here in the past about what certainly is coming down the pipe (because I feel that most of the releases in the past year are nothing more than tests for horribleness yet to come), I have gathered some info from a very reliable source about polymorphic viruses that will be coming to a theatre near you...

Author: Dr3f (You probably don't know him -- I only know of one other virus that he has coded - WM.NotFam)
Name of virus: Win32.Voltage
Detected: Not yet.. he says it 'may' be in the wild, but he hasn't released it yet.
It is written in ASM and is about 3800 lines of code (I don't have the source.. but that is how long he said it was)
Description: (From Dr3f) My new worm has the following capabilities: global resident, PE\RAR infector, polymorphic with EPO feature, has mail worm that spoofs address, that sends itself to all temp inet files addresses and to all friends in the WAB.
Win32.Voltage is infected over a script encoder in this sample.
It drops a copy of the original virus as the name wvltg.exe into the system directory.
I found this interesting as it is a polymorphic, file infecting, mass mailing worm. There aren't many of these floating around.

Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Polymorphic means that each time the virus copies itself, the fingerprint looks a little different, like varying the size or pattern of the executable. It does that so it's harder for AV software to detect.


Well I'm guessing the usual, wreak havoc for a while just like Melissa and Code Red and whatnot, and then get fixed, and then have about 100 new people on AO asking us how to fix their problem *whatever might the virus cause*